Indian taxpayers are at risk with reports of a data leak from an organization catering to tax assistance surfaced in the media. According to threat intelligence received by The Cyber Express, a hacker forum user was found publicly releasing Indian taxpayer data. The hacker forum user had the username, ‘Hacking’ and the post about the Indian taxpayer data leak was published on September 27, 2023.
‘Hacking’ claimed to have the taxpayer data from the website called TaxReturnWala. TaxReturnWala offers assistance and advice related to finance, legal obligations, compliance, and tax payment among others to individuals and corporations.
The website of TaxReturnWala was accessible when checked by The Cyber Express team. We emailed the organization to comment on the alleged Indian taxpayer data leak of information from their system. We will update this report based on their response.
Details About the Indian Taxpayer Data Leak on the Hacker Forum
The malicious dark web post was titled, “WordPress Online Tax Services Admin Table Data [India].” However, the authenticity of the claims and said data could not be verified.
Oftentimes, users on hacker forums post data claiming to be from a huge organization to dupe other cyber criminals and make money in the trade. The release of the Indian taxpayer leak without charging for it represents a lack of confidence in finding buyers who would pay for the same.
It also could be a result of failed negotiations with Tax Return Wala for a ransom payment. Previous data breaches could also be the source of the data freely released by the disgruntled hacker forum user.
Details of the Database Released in the Alleged Tax Return Wala Data Leak Post
The hacker forum user did not mention the file size released in the Indian taxpayer data leak. The format of the data they released was CSV. Such file formats are often used to place data in tables.
“Number of data:+2,” read the hacker forum post about the Tax Return Wala data leak. They claimed that it was a custom database with email, password, and username among other details.
The statement – To Hack and Enter The Site, You Need To Crack The Hash – made by the hacker forum user draws attention to the hacking technique likely used by them to gain the said taxpayer information.
The released information in the hacker forum message could likely assist hackers to themselves hack the systems of Tax Return Wala.
The Hacker Forum User’s Details
The Hacker Forum User ‘Hacking’ who claimed to sell taxpayer data of Indians had joined the dark web platform in June 2023. They had made 428 posts in a short span of 5 months. Their reputation score was 195 and a VIP status was reflected on their bio.
Hacking also marked themselves as a security researcher in their profile.
Previous Instances of Indian Taxpayer Data Compromise
Cyble Research and Intelligence Labs earlier detected an upgraded version of the Android banking trojan called Drinik. The app iAssist was infected with Drinik which then allowed itself to impersonate the Income Tax Department of India and affect nearly 18 Indian banks.
The app took users to a website with a fraudulent dialogue box asking them to enter their account details to get a tax refund. Scammers accessed biometric data, keystrokes, screen activities, PAN card details, Aadhaar cards, credit card numbers, CVV, and PIN using Drinik.
Cyble also unearthed the recent malicious activities caused by a data-stealing remote access trojan, Agent Tesla. Scammers created tax-related documents to dupe unsuspecting users and steal their clipboard data, and file system access, among other data.
Due to the spike in cybercrimes in India, the Indian Ministry of Electronics and Information Technology took down over 6000 malicious URLs in 2021, and over 1096 URLs in 2022. Moreover, to keep social media safe for users, the IT Ministry took down 464 posts on Instagram.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
